INFO: rcu detected stall in tasklet_action


syzbot

Apr 13, 2019, 8:02:23 PM
to syzkaller-a...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 4e76528b Merge 4.14.81 into android-4.14
git tree: android-4.14
console output: https://syzkaller.appspot.com/x/log.txt?x=153c426d400000
kernel config: https://syzkaller.appspot.com/x/.config?x=9e4a95e0186919ba
dashboard link: https://syzkaller.appspot.com/bug?extid=abfcfcab5bf94c7fb1e3
compiler: gcc (GCC) 8.0.1 20180413 (experimental)

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+abfcfc...@syzkaller.appspotmail.com

audit: type=1400 audit(1542532622.080:6066): avc: denied { map } for pid=9898 comm="cron" path="/lib/x86_64-linux-gnu/security/pam_env.so" dev="sda1" ino=2765 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
INFO: rcu_preempt detected stalls on CPUs/tasks:
Tasks blocked on level-0 rcu_node (CPUs 0-1): P9847
(detected by 0, t=10503 jiffies, g=5886, c=5885, q=4096)
syz-executor3 R running task 26640 9847 1844 0x00000004
Call Trace:
<IRQ>
sched_show_task.cold.31+0x342/0x3c0 kernel/sched/core.c:5230
rcu_print_detail_task_stall_rnp+0xbf/0xf8 kernel/rcu/tree_plugin.h:568
rcu_print_detail_task_stall kernel/rcu/tree_plugin.h:581 [inline]
print_other_cpu_stall kernel/rcu/tree.c:1488 [inline]
check_cpu_stall kernel/rcu/tree.c:1616 [inline]
__rcu_pending kernel/rcu/tree.c:3373 [inline]
rcu_pending kernel/rcu/tree.c:3435 [inline]
rcu_check_callbacks.cold.56+0x7ad/0xd99 kernel/rcu/tree.c:2775
update_process_times+0x24/0x60 kernel/time/timer.c:1588
tick_sched_handle.isra.8+0x73/0x150 kernel/time/tick-sched.c:161
tick_sched_timer+0x7e/0x160 kernel/time/tick-sched.c:1321
__run_hrtimer kernel/time/hrtimer.c:1259 [inline]
__hrtimer_run_queues+0x2d0/0xc10 kernel/time/hrtimer.c:1323
hrtimer_interrupt+0x19a/0x440 kernel/time/hrtimer.c:1357
local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1037 [inline]
smp_apic_timer_interrupt+0x13a/0x600 arch/x86/kernel/apic/apic.c:1062
apic_timer_interrupt+0x84/0x90 arch/x86/entry/entry_64.S:787
RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:778 [inline]
RIP: 0010:__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline]
RIP: 0010:_raw_spin_unlock_irqrestore+0x59/0x70 kernel/locking/spinlock.c:192
RSP: 0018:ffff8801d7607b20 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff10
RAX: 0000000000000007 RBX: 0000000000000246 RCX: 1ffff100333346f4
RDX: 0000000000000000 RSI: ffff8801999a3780 RDI: 0000000000000246
RBP: ffff8801d76249c0 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffff8801d7624a80
R13: ffff8801d76249c0 R14: ffff8801d76249c0 R15: ffff8801d7624a80
unlock_hrtimer_base kernel/time/hrtimer.c:794 [inline]
hrtimer_start_range_ns+0x5de/0x1070 kernel/time/hrtimer.c:998
hrtimer_start include/linux/hrtimer.h:377 [inline]
tcp_internal_pacing net/ipv4/tcp_output.c:976 [inline]
__tcp_transmit_skb+0x1e5a/0x2ce0 net/ipv4/tcp_output.c:1111
tcp_transmit_skb net/ipv4/tcp_output.c:1146 [inline]
tcp_write_xmit+0x5e4/0x48e0 net/ipv4/tcp_output.c:2352
tcp_tsq_handler+0x1cd/0x2f0 net/ipv4/tcp_output.c:752
tcp_tasklet_func+0x42d/0x5b0 net/ipv4/tcp_output.c:788
tasklet_action+0xf6/0x230 kernel/softirq.c:513
__do_softirq+0x20d/0x9bd kernel/softirq.c:288
invoke_softirq kernel/softirq.c:368 [inline]
irq_exit+0x117/0x150 kernel/softirq.c:409
exiting_irq arch/x86/include/asm/apic.h:648 [inline]
smp_apic_timer_interrupt+0x18c/0x600 arch/x86/kernel/apic/apic.c:1064
apic_timer_interrupt+0x84/0x90 arch/x86/entry/entry_64.S:787
</IRQ>
RIP: 0010:arch_local_irq_enable arch/x86/include/asm/paravirt.h:788 [inline]
RIP: 0010:__raw_spin_unlock_irq include/linux/spinlock_api_smp.h:168 [inline]
RIP: 0010:_raw_spin_unlock_irq+0x2b/0x50 kernel/locking/spinlock.c:200
RSP: 0018:ffff88019a0bf440 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff10
RAX: 0000000000000007 RBX: ffff8801d762a240 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffff8801999a3758 RDI: ffff8801999a372c
RBP: ffff88019a0bf498 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffff8801d6641780
R13: ffff88019a893180 R14: 0000000000000001 R15: ffff8801999a2f00
finish_lock_switch kernel/sched/sched.h:1395 [inline]
finish_task_switch+0x1e6/0x610 kernel/sched/core.c:2726
context_switch kernel/sched/core.c:2862 [inline]
__schedule+0x731/0x1ed0 kernel/sched/core.c:3446
preempt_schedule_common+0x1f/0xc0 kernel/sched/core.c:3570
___preempt_schedule+0x16/0x18
__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:161 [inline]
_raw_spin_unlock_irqrestore+0x65/0x70 kernel/locking/spinlock.c:192
spin_unlock_irqrestore include/linux/spinlock.h:372 [inline]
avc_reclaim_node security/selinux/avc.c:539 [inline]
avc_alloc_node+0x30f/0x3b0 security/selinux/avc.c:557
avc_insert security/selinux/avc.c:668 [inline]
avc_compute_av+0x175/0x570 security/selinux/avc.c:974
avc_has_perm_noaudit+0x2a7/0x300 security/selinux/avc.c:1110
cred_has_capability+0x123/0x260 security/selinux/hooks.c:1743
security_capable+0x81/0xc0 security/security.c:280
ns_capable_common+0xcf/0x150 kernel/capability.c:375
ns_capable kernel/capability.c:397 [inline]
capable_wrt_inode_uidgid+0x7b/0xc0 kernel/capability.c:487
generic_permission+0x29c/0x3f0 fs/namei.c:346
do_inode_permission fs/namei.c:393 [inline]
__inode_permission2+0x6b/0x2b0 fs/namei.c:428
inode_permission2+0x2a/0x100 fs/namei.c:485
may_lookup fs/namei.c:1684 [inline]
link_path_walk+0x18e/0xf90 fs/namei.c:2070
path_lookupat.isra.10+0x1f0/0x890 fs/namei.c:2315
filename_lookup.part.18+0x177/0x370 fs/namei.c:2350
filename_lookup fs/namei.c:2343 [inline]
user_path_at_empty+0x4b/0x80 fs/namei.c:2611
user_path_at include/linux/namei.h:57 [inline]
vfs_statx+0xe1/0x180 fs/stat.c:185
vfs_lstat include/linux/fs.h:3080 [inline]
SYSC_newlstat fs/stat.c:350 [inline]
SyS_newlstat+0x81/0xf0 fs/stat.c:344
do_syscall_64+0x19b/0x4b0 arch/x86/entry/common.c:289
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x457569
RSP: 002b:00007f159eed2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000006
RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 0000000000457569
RDX: 0000000000000000 RSI: 0000000020000680 RDI: 0000000020000600
RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f159eed36d4
R13: 00000000004c2a01 R14: 00000000004d4008 R15: 00000000ffffffff
syz-executor3 R running task 26640 9847 1844 0x00000004
Call Trace:
<IRQ>
sched_show_task.cold.31+0x342/0x3c0 kernel/sched/core.c:5230
rcu_print_detail_task_stall_rnp+0xbf/0xf8 kernel/rcu/tree_plugin.h:568
rcu_print_detail_task_stall kernel/rcu/tree_plugin.h:583 [inline]
print_other_cpu_stall kernel/rcu/tree.c:1488 [inline]
check_cpu_stall kernel/rcu/tree.c:1616 [inline]
__rcu_pending kernel/rcu/tree.c:3373 [inline]
rcu_pending kernel/rcu/tree.c:3435 [inline]
rcu_check_callbacks.cold.56+0x805/0xd99 kernel/rcu/tree.c:2775
update_process_times+0x24/0x60 kernel/time/timer.c:1588
tick_sched_handle.isra.8+0x73/0x150 kernel/time/tick-sched.c:161
tick_sched_timer+0x7e/0x160 kernel/time/tick-sched.c:1321
__run_hrtimer kernel/time/hrtimer.c:1259 [inline]
__hrtimer_run_queues+0x2d0/0xc10 kernel/time/hrtimer.c:1323
hrtimer_interrupt+0x19a/0x440 kernel/time/hrtimer.c:1357
local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1037 [inline]
smp_apic_timer_interrupt+0x13a/0x600 arch/x86/kernel/apic/apic.c:1062
apic_timer_interrupt+0x84/0x90 arch/x86/entry/entry_64.S:787
RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:778 [inline]
RIP: 0010:__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline]
RIP: 0010:_raw_spin_unlock_irqrestore+0x59/0x70 kernel/locking/spinlock.c:192
RSP: 0018:ffff8801d7607b20 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff10
RAX: 0000000000000007 RBX: 0000000000000246 RCX: 1ffff100333346f4
RDX: 0000000000000000 RSI: ffff8801999a3780 RDI: 0000000000000246
RBP: ffff8801d76249c0 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffff8801d7624a80
R13: ffff8801d76249c0 R14: ffff8801d76249c0 R15: ffff8801d7624a80
unlock_hrtimer_base kernel/time/hrtimer.c:794 [inline]
hrtimer_start_range_ns+0x5de/0x1070 kernel/time/hrtimer.c:998
hrtimer_start include/linux/hrtimer.h:377 [inline]
tcp_internal_pacing net/ipv4/tcp_output.c:976 [inline]
__tcp_transmit_skb+0x1e5a/0x2ce0 net/ipv4/tcp_output.c:1111
tcp_transmit_skb net/ipv4/tcp_output.c:1146 [inline]
tcp_write_xmit+0x5e4/0x48e0 net/ipv4/tcp_output.c:2352
tcp_tsq_handler+0x1cd/0x2f0 net/ipv4/tcp_output.c:752
tcp_tasklet_func+0x42d/0x5b0 net/ipv4/tcp_output.c:788
tasklet_action+0xf6/0x230 kernel/softirq.c:513
__do_softirq+0x20d/0x9bd kernel/softirq.c:288
invoke_softirq kernel/softirq.c:368 [inline]
irq_exit+0x117/0x150 kernel/softirq.c:409
exiting_irq arch/x86/include/asm/apic.h:648 [inline]
smp_apic_timer_interrupt+0x18c/0x600 arch/x86/kernel/apic/apic.c:1064
apic_timer_interrupt+0x84/0x90 arch/x86/entry/entry_64.S:787
</IRQ>
RIP: 0010:arch_local_irq_enable arch/x86/include/asm/paravirt.h:788 [inline]
RIP: 0010:__raw_spin_unlock_irq include/linux/spinlock_api_smp.h:168 [inline]
RIP: 0010:_raw_spin_unlock_irq+0x2b/0x50 kernel/locking/spinlock.c:200
RSP: 0018:ffff88019a0bf440 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff10
RAX: 0000000000000007 RBX: ffff8801d762a240 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffff8801999a3758 RDI: ffff8801999a372c
RBP: ffff88019a0bf498 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffff8801d6641780
R13: ffff88019a893180 R14: 0000000000000001 R15: ffff8801999a2f00
finish_lock_switch kernel/sched/sched.h:1395 [inline]
finish_task_switch+0x1e6/0x610 kernel/sched/core.c:2726
context_switch kernel/sched/core.c:2862 [inline]
__schedule+0x731/0x1ed0 kernel/sched/core.c:3446
preempt_schedule_common+0x1f/0xc0 kernel/sched/core.c:3570
___preempt_schedule+0x16/0x18
__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:161 [inline]
_raw_spin_unlock_irqrestore+0x65/0x70 kernel/locking/spinlock.c:192
spin_unlock_irqrestore include/linux/spinlock.h:372 [inline]
avc_reclaim_node security/selinux/avc.c:539 [inline]
avc_alloc_node+0x30f/0x3b0 security/selinux/avc.c:557
avc_insert security/selinux/avc.c:668 [inline]
avc_compute_av+0x175/0x570 security/selinux/avc.c:974
avc_has_perm_noaudit+0x2a7/0x300 security/selinux/avc.c:1110
cred_has_capability+0x123/0x260 security/selinux/hooks.c:1743
security_capable+0x81/0xc0 security/security.c:280
ns_capable_common+0xcf/0x150 kernel/capability.c:375
ns_capable kernel/capability.c:397 [inline]
capable_wrt_inode_uidgid+0x7b/0xc0 kernel/capability.c:487
generic_permission+0x29c/0x3f0 fs/namei.c:346
do_inode_permission fs/namei.c:393 [inline]
__inode_permission2+0x6b/0x2b0 fs/namei.c:428
inode_permission2+0x2a/0x100 fs/namei.c:485
may_lookup fs/namei.c:1684 [inline]
link_path_walk+0x18e/0xf90 fs/namei.c:2070
path_lookupat.isra.10+0x1f0/0x890 fs/namei.c:2315
filename_lookup.part.18+0x177/0x370 fs/namei.c:2350
filename_lookup fs/namei.c:2343 [inline]
user_path_at_empty+0x4b/0x80 fs/namei.c:2611
user_path_at include/linux/namei.h:57 [inline]
vfs_statx+0xe1/0x180 fs/stat.c:185
vfs_lstat include/linux/fs.h:3080 [inline]
SYSC_newlstat fs/stat.c:350 [inline]
SyS_newlstat+0x81/0xf0 fs/stat.c:344
do_syscall_64+0x19b/0x4b0 arch/x86/entry/common.c:289
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x457569
RSP: 002b:00007f159eed2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000006
RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 0000000000457569
RDX: 0000000000000000 RSI: 0000000020000680 RDI: 0000000020000600
RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f159eed36d4
R13: 00000000004c2a01 R14: 00000000004d4008 R15: 00000000ffffffff


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

Jun 23, 2019, 4:13:04 AM
to syzkaller-a...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.